Uses the changes to wolfSSL found in https://github.com/wolfSSL/wolfssl/pull/5078 Signed-off-by: Juliusz Sosinowicz <juliusz@xxxxxxxxxxx> --- src/crypto/tls_wolfssl.c | 18 +++++++++++++----- tests/hwsim/test_ap_eap.py | 6 +++--- tests/hwsim/test_suite_b.py | 2 ++ 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c index fe6a28162c..31f0bd8f3c 100644 --- a/src/crypto/tls_wolfssl.c +++ b/src/crypto/tls_wolfssl.c @@ -554,11 +554,13 @@ int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) wolfSSL_set_quiet_shutdown(conn->ssl, 1); wolfSSL_shutdown(conn->ssl); - session = wolfSSL_get_session(conn->ssl); - if (wolfSSL_clear(conn->ssl) != 1) + session = wolfSSL_get1_session(conn->ssl); + if (wolfSSL_clear(conn->ssl) != 1) { + wolfSSL_SESSION_free(session); return -1; + } wolfSSL_set_session(conn->ssl, session); - + wolfSSL_SESSION_free(session); return 0; } @@ -1495,6 +1497,8 @@ static void tls_set_conn_flags(WOLFSSL *ssl, unsigned int flags) wolfSSL_set_options(ssl, SSL_OP_NO_TLSv1_1); if (flags & TLS_CONN_DISABLE_TLSv1_2) wolfSSL_set_options(ssl, SSL_OP_NO_TLSv1_2); + if (flags & TLS_CONN_DISABLE_TLSv1_3) + wolfSSL_set_options(ssl, SSL_OP_NO_TLSv1_3); } #ifdef ANDROID @@ -1921,7 +1925,9 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, WOLFSSL_CSR_OCSP_USE_NONCE) != SSL_SUCCESS) return -1; - wolfSSL_CTX_EnableOCSP(tls_ctx, 0); + if (wolfSSL_EnableOCSPStapling(conn->ssl) != + SSL_SUCCESS) + return -1; } #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 @@ -1930,7 +1936,9 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, WOLFSSL_CSR2_OCSP_MULTI, 0) != SSL_SUCCESS) return -1; - wolfSSL_CTX_EnableOCSP(tls_ctx, 0); + if (wolfSSL_EnableOCSPStapling(conn->ssl) != + SSL_SUCCESS) + return -1; } #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ #if !defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index 757cb5399b..55519c28e8 100644 --- a/tests/hwsim/test_ap_eap.py +++ b/tests/hwsim/test_ap_eap.py @@ -89,8 +89,8 @@ def check_ocsp_support(dev): # raise HwsimSkip("OCSP not supported with this TLS library: " + tls) #if "BoringSSL" in tls: # raise HwsimSkip("OCSP not supported with this TLS library: " + tls) - if tls.startswith("wolfSSL"): - raise HwsimSkip("OCSP not supported with this TLS library: " + tls) + #if tls.startswith("wolfSSL"): + # raise HwsimSkip("OCSP not supported with this TLS library: " + tls) def check_pkcs5_v15_support(dev): tls = dev.request("GET tls_library") @@ -99,7 +99,7 @@ def check_pkcs5_v15_support(dev): def check_tls13_support(dev): tls = dev.request("GET tls_library") - if "run=OpenSSL 1.1.1" not in tls and "run=OpenSSL 3.0" not in tls: + if "run=OpenSSL 1.1.1" not in tls and "run=OpenSSL 3.0" not in tls and "wolfSSL" not in tls: raise HwsimSkip("TLS v1.3 not supported") def check_ocsp_multi_support(dev): diff --git a/tests/hwsim/test_suite_b.py b/tests/hwsim/test_suite_b.py index 2b3c30fc19..f3b6be50cd 100644 --- a/tests/hwsim/test_suite_b.py +++ b/tests/hwsim/test_suite_b.py @@ -24,6 +24,8 @@ def check_suite_b_tls_lib(dev, dhe=False, level128=False): tls = dev[0].request("GET tls_library") if tls.startswith("GnuTLS"): return + if tls.startswith("wolfSSL"): + return if not tls.startswith("OpenSSL"): raise HwsimSkip("TLS library not supported for Suite B: " + tls) supported = False -- 2.25.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap